Safeguard Reference Manual (G06.24+, H06.03+ )

ManualsBrandsHP ManualsServerHP Integrity NonStop H-Series

221

222

223

224

225

226

227

228

229

230

Disk-File Security Commands

Safeguard Reference Manual—520618-013

8-2

Disk-File Access Authorities

The primary owner can also set the PROGID attribute through the ALTER DISKFILE

command. The PROGID attribute is controlled exclusively by the primary owner,

however, and is not transferable.

When a disk file is under Safeguard protection, the Safeguard software controls all

security attributes. The FUP GIVE, LICENSE, REVOKE, and SECURE commands are

superseded by Safeguard protection. Also, FUP INFO displays **** in the RWEP

column indicating that access to the file is controlled by the Safeguard software. The

owner must use SAFECOM DISKFILE commands to manage Safeguard access

controls for the file. If the file is placed automatically under Safeguard control through

the use of the DEFAULT-PROTECTION or PERSISTENT PROTECTION record, FUP

INFO displays the Guardian security string in the RWEP column.

For example, a disk-file owner can use the ALTER DISKFILE command to change the

defined ACL entries. A file owner can also use the FREEZE DISKFILE command to

temporarily suspend access by other users and can later enter a THAW DISKFILE

command to restore access.

OWNER authority can be specified for all disk files protected by the Safeguard

software. OWNER is automatically included whenever the * authority code is used. It

can be abbreviated as O.

With the Safeguard software, the owner of a disk file can also be defined as a network

user. A network user who owns a protected file can use the Safeguard software from a

remote node to control access to that file (provided the user has remote passwords set

up between the two systems).

For more information about controlling the class of objects, see DISKFILE on

page 12-2.

You can also use diskfile patterns to secure disk files. For more information, see the

Safeguard User’s Guide.

Disk-File Access Authorities

The ACL defined for a disk file can grant any combination of these access authorities

to users and user groups:

The Safeguard software can also control the creation of disk files on specific volumes

or subvolumes. For a description of the SAFECOM commands that control file-creation

authority, see Section 9, Disk Volume and Subvolume Security Commands.

READ Read the contents of a disk file

WRITE Modify the contents of a disk file

EXECUTE Run a program object disk file as a process

PURGE Purge a disk file

CREATE Create a disk file

OWNER Manage the authorization record